Associate Compliance Engineer

The Associate Compliance Engineer will support the organization's compliance, security, and audit activities by assisting in implementing, monitoring, and maintaining security controls and compliance processes. This entry-to-mid level role involves working closely with internal teams (engineering, IT, DevOps, and security) to ensure compliance with regulatory frameworks such as FedRAMP NIST framework, ISO 9001, ISO 27001, SOC 2, and other industry standards.

Key Responsibilities

• Regulatory & Standards Compliance

• Stay updated on industry compliance requirements and evolving regulatory frameworks.

• Ensure IT systems, applications, and infrastructure comply with regulatory frameworks (e.g., FedRAMP, NIST 800-53, NIST , SOC 2, ISO 27001, ISO 9001).

• Translate compliance requirements into actionable technical and process controls.

• Policy & Control Implementation

• Support development, implementation, and enforcement of IT security and compliance policies.

• Map technical controls to NIST 800-53, NIST or other relevant standards.

• Risk Assessment & Management

• Conduct periodic risk assessments and vulnerability analysis for IT systems.

• Collaborate with security teams to mitigate compliance gaps and document remediation.

• Continuous Monitoring & Reporting

• Support continuous monitoring processes, including scanning, logging, and incident tracking.

• Upload and manage compliance evidence in repositories (e.g., OMB MAX, Emass, O365 Document Repository).

• Collaboration with IT & Security Teams

• Work closely with product, Cloud and IT security teams to ensure secure configuration and patching.

• Support secure access controls, encryption, identity and access management, and monitoring solutions.

• Incident & Change Management

• Support compliance during incident response, ensuring root cause analysis and corrective actions are documented.

• Review system changes for compliance impact.

• Training & Awareness

• Assist in compliance-related training for organization employees and contractors.

• Promote awareness of compliance responsibilities across technical teams.

• Documentation & Reporting

• Maintain compliance documentation (SSPs, policies, procedures, system inventories).

• Generate compliance reports for internal stakeholders and external regulators.

• Vendor & Third-Party Compliance

• Assess third-party vendors for compliance with IT security standards.

• Ensure contracts and access meet regulatory requirements.

Candidate Requirements

For an Associate Compliance Engineer role, Casepoint seeks candidates with a Basic understanding of IT infrastructure, Knowledge of compliance documentation and reporting requirements in IT industries.

• Education: A bachelor's degree is often required.
• Experience: Candidates should have at least 0-2 years of experience in information technology (IT), Basic knowledge of security compliance frameworks such as FedRAMP, NIST 800-53, ISO 27001, SOC 2.
• Technical Understanding: Awareness of cloud environments (AWS, Azure, GCP) and their compliance/security requirements. Candidates should understand cloud computing concepts, architecture, and services, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
• Collaboration and Communication: Effective collaboration and communication skills are important for working in cross-functional teams and interacting with stakeholders. Associate Compliance Engineers should be able to articulate technical concepts to non-technical audiences and collaborate effectively with colleagues from different backgrounds. Strong attention to detail with the ability to identify compliance gaps. Effective communication skills to work with IT, security, and audit teams. Analytical and problem-solving mindset, eager to learn regulatory and technical requirements.
• Certifications: Relevant certifications can enhance a candidate's qualifications for an Associate Compliance Engineer role. Certifications such as AWS Certified Cloud Practitioner / Azure Fundamentals (AZ-900), ISO Foundation level), ITIL Foundation, SOC2 - Five Trust Services Criteria (Foundation level) NIST Framework and Control Family (Foundation level)
• Ability to obtain security clearance is a must for this position.

About OPEXUS + Casepoint

OPEXUS, a leader in government process management software, and Casepoint, a top provider of data discovery technology for litigation, investigations, and compliance, merged in January 2025, with a majority investment from Thoma Bravo. The merger combines OPEXUS' expertise in government process management and Casepoint's advanced data discovery technology to create a scalable platform that meets growing demands for efficient, secure data management in the public and regulated sectors. This collaboration enhances workflows for government and enterprise clients, focusing on data discovery, litigation, and compliance.

The Washington Post, which named Opexus+ Casepoint as the best place to work, solidifies the company's commitment to fostering a supportive, innovative, and inclusive work environment. Our dedicated team has created a culture grounded by our shared values that encourage everyone to speak up, join in, and celebrate together. From our hybrid work schedules to our prime downtown D.C. location, working at OPEXUS+Casepoint offers the best of all worlds.

OPEXUS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability.

#OPEX